1) Immediately decertify the state’s Diebold Election System (DES). 2) Begin immediate preparations for the deployment of an alternative means of voting in time for the 2006 General Election; 3) To contract with an outside, independent source for parallel testing to be conducted randomly in precincts in 3 counties in Georgia -- Cobb, DeKalb, and Fulton –- for the primary on July 18, 2006, as recommended by the Brennan Report, "The Machinery of Democracy: Protecting elections in an Electronic World".

A security vulnerability recently exposed in the architecture of the DES is being called a "major national security risk" by computer science and security experts. The effect of this vulnerability is that voting systems could be infected throughout an entire state, enabling one attacker to alter election results statewide.

"It's the most severe security flaw ever discovered in a voting system," said Michael I. Shamos, a professor of computer science at Carnegie Mellon University who is an examiner of electronic voting systems for Pennsylvania.

This vulnerability represents an open backdoor that is part of the design of the Diebold TS-R6, which has been deployed in Georgia since 2002.

Diebold admits to this vulnerability but calls it a “feature.”

"Diebold Election Systems spokesperson David Bear says Hursti's findings do not represent a fatal vulnerability in Diebold technology, but simply note the presence of a feature that allows access to authorized technicians to periodically update the software. If it so happens that someone not supposed to use the machine—or an election official who wants to put his or her thumb on the scale of democracy—takes advantage of this fast track to fraud, that's not Diebold's problem. ‘[Our critics are] throwing out a 'what if' that's premised on a basis of an evil, nefarious person breaking the law,’ says Bear.

Not only did federal Independent Testing Agencies (ITA) miss this vulnerability when certifying the DES for Georgia, but Georgia’s state certifying agency, the Kennesaw Center for Elections, missed it as well.

It is clear that the state’s current mechanisms for detecting security vulnerabilities, including state and national certification and testing, are not sufficient to protect the state from election fraud.

Some aspects of this vulnerability were already known to the state of Georgia and Diebold from Maryland’s RABA report of January 20, 2004. Cathy Cox told Georgia voters not to be concerned, that Diebold had agreed to fix those vulnerabilities. Hursti’s tests indicate otherwise.

We believe there is enough evidence to warrant that the Secretary of State call on the State Attorney General to investigate whether Diebold has upheld its contract agreements with the state.

There are also indications that the state knowingly allowed voters to cast ballots in the last federal election on an insecure system. Case in point, in April 2004, Internet Security Systems (ISS) was called in by the governor to consult with the Georgia Technology Authority on the security of Georgia’s DES. They found that the system was not secure and could not be secured in time for the 2004 General Election. This information was not made public, which meant that voters unknowingly were allowed to cast their votes on an insecure system in that presidential election.

We do not consent to being forced to vote on an insecure, unauditable, voting system. Voting in a democracy is not about “trusting” that behind the curtain, individuals will do the right thing. It’s about systems of checks and balances, transparency, accuracy, security, and auditability. The state’s voting system fails on all counts.

“If Diebold had set out to build a system as insecure as they possibly could, this would be it," said Avi Rubin, computer science professor at Johns Hopkins University.

No election results held on Georgia’s DES can be considered legitimate.

We trust the Georgia State Board of Elections, the Secretary of State and the Elections Division will take the right action and immediately decertify the DES in Georgia.